Check Point NG[s]AI
C
CAs. See Certificate Authorities
caching options, URI resources, 336 “337
CDs
installing on Solaris, 105
installing policy server from, 476 “477
Windows installation from, 69
Central Licensing feature, 205 “209
Certificate Authorities (CAs)
configuring internal, 191 “192
as encryption scheme, 439 “440
initializing, installation process, 89 “93
SIC and, 22
certificate revocation lists (CRLs), 22, 192
certificates
authentication to VPN gateways, 488 “489
and CAs, 439 “440
remote user configuration, 505 “506
renewal of, 489
chaining CVP group properties, 330
chapter summaries
advanced VPN configurations, 546
applying NAT, 279
authenticating users, 314
Check Point Next Generation (NG) introduction, 39 “41
installing and configuring VPN-1/FW-1 NG AI, 152 “153
managing policies and logs, 408
OPSEC and content filtering, 362 “363
securing remote clients , 511
security policy, creating, 253
SmartDefense, 567
tracking and alerts, 430
using the GUI, 213
VPN configurations, 470
Check Point
Application Intelligence. See NG AI
encrpytion algorithms (table), 437
firewall. See FireWall-1 (FW-1), VPN-1/Firewall-1
help, online, 548
high availability (CPHA), 95
Next Generation. See NG AI
OPSEC Partner Alliance, 7
Security Policy, 218
UserCenter, logging in to, 566
Check Point gateway objects, 163 “164
Check Point High Availability (CPHA), 516
Check Point Malicious Activity Detection, 24
Check Point Management Interface (CPMI), 321, 343
Check Point Next Generation (NG)
Application Intelligence. See NG AI
installation. See installation
licensing, 51 “52
suite described, 2 “4, 39 “42
SVN architecture, 3
Check Point Open Platform for Security. See OPSEC
Check Point SecurePlatform, 20
Check Point SVN Foundation installation, 61
Check Point User Center, obtaining licenses, 51 “52
Check Point User Database tool, 66
CIFS (Common Internet File System)
resources, controlling access to internal users, 361
SmartDefense worm protection, 566
ciphertext , 434
Cisco
routers and OSE technology, 169 “172
and VPN configurations, 455
Citrix ICA application names , 399
Cleanup Rule, 201, 238 “239
client authentication
described, using, 303 “309
vs. session authentication, 308 “309
vs. user authentication, 306
client encryption rules, configuring, 460, 493 “495
Client/Server architecture, 19 “20
client-to-site VPN, 440, 499 “509
clustering
HA and load sharing configurations, 521
MEP vs. SEP, 538
network, High Available, 517
Nokia s technology, 548
and redundancy, 13
clusters
policy configuration, 532
viewing status of, 527
ClusterXL
described, using, 12 “13, 42
IPSO-based appliances and, 548
modules installed, 531
Code Red worm, 32
collisions and hash functions, 438
command line
firewall control commands, 402 “406
firewall process commands, 406 “407
running commands, 411
commands
See also specific command
alerts, 414 “420
command line. See command line
firewall administration, 402 “407
operating-specific for listing running processes, 406 “407
SAM, options (table), 425 “427
Committed Information Rate (CIR), 194
Common Internet File System (CIFS) and CVP resources, 325
Community Traffic Security Policy, 449
compression, IP, 485
Computer Associates SafeGate, 322
confidentiality
Executive Security Policy, 220
protecting, 562 “563
Configuration Tool screen, installation process, 94 “95
configurations
common, options, 163 “167
SecuRemote VPN, 458
configuring
administrators, 84 “87
alerts, 419 “420
CA on Solaris platform, 122 “123
Check Point VPN-1/FW-1 NG AI on Solaris, 114 “129
DNS, 58 “59
FloodGate-1, 204
Global Properties, 200 “205
GUI clients, 87 “89, 119 “121
IKE VPN in Simplified mode, 447 “453
IKE VPN in Traditional mode, 441 “446
interoperable devices, 172
IP Pool NAT, 539
Multiple Entry Point VPNs, 533 “543
NG AI for performance, 372 “376
policy servers, 478 “479
RADIUS authentication, 289 “291
scheduled events, 194
SCV options, 489 “493
SecuRemote VPN, 457 “462
SmartView Tracker, 209 “210
Stateful Inspection, 204
static address translation, 266 “272
static IP addresses, 64
static rules automatically, 274
VPN-1/FW-1 on Nokia, 144 “146
VPN-1/FW-1 on Windows, 80 “97
ConnectControl feature, 204
Connection Persistence options, 236
Connection Refused message, 257
connections
blocking, and SAM, 424 “429
blocking, duration of, 410
concurrent on FW-1, 377 “378
displaying, 383
synchronized, 528
Consolidation Policy Editor, 11
Content Vectoring Protocol (CVP)
creating resources, 324 “326
described, using, 22, 320, 322 “331
grouped objects, 329 “331
load balancing chained servers, 331
using CVP resources in rules, 327 “329
using resources in rules, 324 “329
controls, security, categories of, 223
copying
installation files, 75 “76
rules, 242
cpconfig command
changing administrators, 215
changing configuration with, 127
running on Nokia, 145
cpconfig command, 404
CPfwbc-41 package removal, 131
CPHA. See Check Point High Availability
cphaprob command, 523 “524
cpshell, using, 148 “151
cpstart, cpstat commands, 404
cpstop command, 403
CPU (central processing unit)
optimizing performance, 382
upgrade recommendations (table), 386
creating
CVP groups, 330
default users for authentication, 292 “293
reports with Report Tool, 11 “12
templates for authentication, 293 “297
URI resource to use UFP, 334
user groups, 297 “298
Web sites, 464 “467
CRLs (certificate revocation lists), 22, 192
Cross Site Scripting tab, SmartDefense, 562 “563
customizing
alert types, 414
SmartDashboard, 205
UFP server object, 332